nfs-utils: Information disclosure
— GLSA 201412-02

Affected Packages

Package

net-fs/nfs-utils on all architectures

Affected versions

< 1.2.8

Unaffected versions

>= 1.2.8

Background

nfs-utils contains the client and daemon implementations for the NFS
protocol.

Description

rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending
on PTR resolution for GSSAPI authentication, allowing for data to be
submitted to a malicious server without the knowledge of the user.